11 matches found
CVE-2026-49971 Laravel-Mediable < 7.0.0 Stored XSS via SVG File Upload
Laravel-Mediable before 7.0.0 contains a stored cross-site scripting vulnerability that allows authenticated or anonymous users to execute arbitrary JavaScript by uploading unsanitized SVG files containing embedded scripts in onload event handlers, script tags, or foreignObject elements. Attacker...
Linux Distros Unpatched Vulnerability : CVE-2026-40169
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an ou...
CVE-2026-39484 WordPress Hide My WP Ghost plugin < 7.0.00 - Open Redirection vulnerability
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing.This issue affects Hide My WP Ghost: from n/a through 7.0.00...
CVE-2025-67922
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Reflected XSS.This issue affects Grand Restaurant: from n/a through 7.0.9...
CVE-2025-67922
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Reflected XSS.This issue affects Grand Restaurant: from n/a through 7.0.9...
CVE-2025-67544 WordPress Shopkeeper Extender plugin < 7.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Get Bowtied Shopkeeper Extender shopkeeper-extender allows Stored XSS.This issue affects Shopkeeper Extender: from n/a through 7.0...
AZL-70199 CVE-2025-12748 affecting package libvirt for versions less than 7.10.0-11
A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...
CVE-2025-61593 Cursor CLI Agent: Sensitive File Overwrite Bypass
Cursor is a code editor built for programming with AI. In versions 1.7 and below, a vulnerability in the way Cursor CLI Agent protects its sensitive files i.e. /.cursor/cli.json allows attackers to modify the content of the files through prompt injection, thus achieving remote code execution. A...
CVE-2025-30964
Server-Side Request Forgery SSRF vulnerability in ThemeGoods Photography photography allows Server Side Request Forgery.This issue affects Photography: from n/a through 7.7.6...
CVE-2022-2218
Cross-site Scripting XSS - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0...
AZL-9877 CVE-2022-27782 affecting package curl for versions less than 7.83.1-1
libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH...